Apps

The Altair IoT Studio platform uses Oauth 2.0, an industry-standard protocol for authentication and authorization of external sources of information trying to access information in the platform. These external sources, like anything, must supply Altair IoT Studio with an access token before being able to communicate.

Apps in Altair IoT Studio help to define the permissions needed to supply Altair IoT Studio to get an access token, and then create them to be used externally. There are two types of apps:

Client Credentials: APIs are a software intermediary that allows two applications to talk to each other. In Altair IoT Studio, a REST API is used to enable communication between the client (person or software who requests information) and the server (the one that provides the client with the requested information) following HTTP protocol. REST APIs use authorization mechanisms to ensure clients request access to data securely. This involves authenticating the sender of a request and confirming that they have permission to perform the requested action.; Client credentials apps are used to access resources inside the IoT platform by generating an access token to use the API.
Authorization Code: Authorization code apps are used to authenticate the users of a web or mobile application that has been built on top of Altair IoT Studio. With this grant type, users can be authenticated without exposing a client secret in the app code. Instead, users can authenticate by entering a username and password in the Altair IoT Studio Identity Management Provider to retrieve an authorization code which can be exchanged for an access token.

Create an App

To create a new App, click New App.
In the New App panel, enter the name and a description (optional).
Scopes allow you to configure which areas of Altair IoT Studio the client has access to. Make a selection from the drop down menu. You can select multiple options.

Figure 1.
Chose the type of App you want to build. You can select between Client Credentials, or Authorization Code.

Client credentials are a mechanism to generate an access token to use the API. Use cases include authenticating devices, serverless functions and ECP clusters.

Authorization Code: is a mechanism to authenticate the users of a web or mobile application that has been built using Altair IoT Studio.
Complete the steps below when using Client Credentials:
1. Click Save to create the App.
  The App is created.
  Figure 2.
Complete the steps below when using Authorization Code:
- Redirect uris: indicates where the user will be redirected once authenticated
- Post-logout Redirect uris: indicates where the user will be redirected after logging out
- Frontchannel Logout uri: indicate the uri that supports the frontchannel logout mechanism
- Backchannel Logout uri: indicates the uri that supports the application logged out
- Allowed CORS Origins: indicates the domains that are allowed to access the IDP
Note: You can add multiple uris by separating them with commas.

Figure 3.
1. Click Save to create the App.
  The App is created.
After creating the App, you are redirected to the Authorization tab. You can choose between assigning a Role to the App or defining the Policies by clicking on the +Add Policy button.

Figure 4.
Once you have set the policies, click Save to create the app.

The basic method of authentication used for this purpose is Oauth. All applications have a Client ID and Client Secret, so you can get a token and interact with the platform.

To reset the Secret, on the Details pane, click Reset Client Secret.
The App secret will generate randomly and display on the screen.
Figure 5.

Note: Tokens (or secrets) in the application are only ever displayed once for security reasons. If you lose your token, you will need to reset it using the Reset Client Secret button.
You can use the Secrets Storage section under Space Settings to store your secrets.
Figure 6.